Eric Soroos

7 exploits Active since Jun 2020
CVE-2020-10378 WRITEUP MEDIUM WRITEUP
Pillow < 7.1.0 - Out-of-bounds Read in PCX Image Decoder
In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
CVSS 5.5
CVE-2020-10379 WRITEUP HIGH WRITEUP
Pillow < 7.1.0 - Buffer Overflow in libImaging/TiffDecode.c
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
CVSS 7.8
CVE-2021-28676 WRITEUP HIGH WRITEUP
Pillow < 8.2.0 - Denial of Service via FLI Block Advance Infinite Loop
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.
CVSS 7.5
CVE-2022-45199 WRITEUP HIGH WRITEUP
Pillow < 9.3.0 - Denial of Service via SAMPLESPERPIXEL
Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
CVSS 7.5
CVE-2025-48379 WRITEUP HIGH WRITEUP
Pillow 11.2.0-11.2.9 - Heap-based Buffer Overflow in DDS Image Writing
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.
CVSS 7.1
CVE-2025-64100 WRITEUP MEDIUM WRITEUP
CKAN <2.10.9, <2.11.4 - Info Disclosure
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session ids could be fixed by an attacker if the site is configured with server-side session storage (CKAN uses cookie-based session storage by default). The attacker would need to either set a cookie on the victim's browser or steal the victim's currently valid session. Session identifiers are now regenerated after each login. This vulnerability has been fixed in CKAN 2.10.9 and 2.11.4
CVSS 6.1
CVE-2026-25990 WRITEUP HIGH WRITEUP
Pillow 10.3.0-12.1.0 - Out-of-bounds Write via Crafted PSD Image
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.
CVSS 7.5